@ainmosni

I've already collected one anecdotal response.

https://mastodonapp.uk/@JdeBP/112813114562289051

@ainmosni I don't think it's totally a "Modern Microsoft problem"

But I think there's a case that at least partially the fault of late 90s/early 2000s Microsoft, who were more than happy enough to ignore security until it became too big a problem to ignore, creating the environment for a swathe of slightly dodgy AV vendors to grow into?

@ainmosni

Problem itself is certainly not the fault of Windows, but I think such a great stoppage in the critical operation is.

On Linux rollback using Btrfs snapshots is something common. You can uninstall faulty program, rollback to older version and pin it to prevent updating without even booting the system from the disk. There is also a world of immutable distros, which propably would just boot to previous (pre-update) slot and show notification.

Meanwhile entering Windows recovery mode for a temporary fix looks like that: https://101010.pl/@didek/112812731137102264

@ainmosni the way tooany permissions problem you mentioned - is a Microsoft problem

It's the way Windows designed it to work, to promote Defender and make it unnecessary more difficult for commercial products, and mostly impossible for open source - to tackle the functionality of Defender on Windows

Perspective of shared responsibility, of course - just to be clear, the permissions problem is not really a choice of CrowdStrike

@ainmosni

You're completely right.

The problem is with the model of automatic and forced updates, where users have no process of "acceptance testing" (and no practical mechanism to roll back if a version fails the test).

Unfortunately, I see it creeping into the world of Linux users, too.

For example, Ubuntu seemed pretty good about 10 years ago when I started using it, but it migrated to a model of forced updates (also switching to the snap package manager, which also brings with it some other problems). (I ran the same version of Ubuntu for 10 years before switching to LMDE6 this year.)

@ainmosni I've had this exact thing happen with CrowdStrike Falcon on a couple of Linux servers last year, where a buggy CS update caused their kernel module to randomly corrupt kernel memory, resulting in occasional crashes.

So yes, not an OS problem, but a problem with this particular class of security software that has its tendrils all along the spine of an operating system.

@ainmosni
2. The filter mechanism of Linux distros failed and we got the fault update (that no one knows of)? Backup before an update and the update failed, we can still roll back with BTRFS or roll back to the last bootable image when using an immutable distro (Mentioned by @didek ).

(continued in the next comment)

@ainmosni
Windows does not have all this, all it has is, a non-snapshot and non-immutable OS model that's relying on forced automatic updates that are sent directly to all Windows machines around the globe without the different distros review and testing mechanism that usually their updates goes through.

So It's not just a technical issue, it's also a philosophical issue in Windows.

@ainmosni My experience is the opposite. In any org that I was allowed a company-owned and issued Linux system, we were exempt from the requirement to have the enterprise remote install/control BS. (Only two orgs allowed this.)

That said, it's certainly _possible_ to have similar procedures and process around a Linux install base -- and also similarly ill-advised.

@ainmosni crowdstrike stated it was only rolled out to Windows, not apple or linux.

So could easily have been all 3....

@ainmosni

The bad actors could try, but it really is a Windows design problem.

It should not automagically install new drivers.

No other OS does this.

#Linux #CrowdStrike #Windows